Analysis Report https://ph-northwestmi.as.me/efreechurchdose1covid20210310

Overview

General Information

Sample URL:	https://ph-northwestmi.as.me/efreechurchdose1covid20210310
Analysis ID:	368837
Infos:
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

Suspicious form URL found

Classification

Signatures

Phishing:

HTML body contains low number of good links

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Number of links: 0
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Number of links: 0
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: Number of links: 1

Suspicious form URL found

Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Form action: client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Form action: client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="author".. found

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49747 version: TLS 1.2

Source: TV4F7E56.htm.2.dr	String found in binary or memory: <li><a href="https://www.facebook.com/acuityscheduling/" alt="Scheduling on Facebook">Facebook</a></li> equals www.facebook.com (Facebook)
Source: gtm[1].js.2.dr	String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq\|\|(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq\|\|(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1210643745657267\");fbq(\"init\",\"1407587539516826\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=1210643745657267\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n\n", equals www.facebook.com (Facebook)
Source: gtm[1].js.2.dr	String found in binary or memory: function Zo(a,b){}function $o(a,b,c){};var ap=!!n.MutationObserver,bp=void 0,cp=function(a){if(!bp){var b=function(){var c=K.body;if(c)if(ap)(new MutationObserver(function(){for(var e=0;e<bp.length;e++)M(bp[e])})).observe(c,{childList:!0,subtree:!0});else{var d=!1;ag(c,"DOMNodeInserted",function(){d\|\|(d=!0,M(function(){d=!1;for(var e=0;e<bp.length;e++)M(bp[e])}))})}};bp=[];K.body?b():M(b)}bp.push(a)};var ep=["www.youtube.com","www.youtube-nocookie.com"],fp,gp=!1,hp=0; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: ph-northwestmi.as.me

Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=squarespace2
Source: notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/bannermsg?
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: schedule[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: schedule[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: schedule[1].css.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: schedule[1].css.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=71302de5c334d16fa768)
Source: tippy[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: TV4F7E56.htm.2.dr	String found in binary or memory: http://status.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://AcuityScheduling.com
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/blog
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/language-select.php
Source: login[1].htm.2.dr	String found in binary or memory: https://acuityscheduling.com/login.php
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: notice[1].js.2.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: schedule[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168
Source: schedule[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168&calendarID=4953566
Source: efreechurchdose1covid20210310[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168&q=efreechurchdose1covid20210310&calenda
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://app.vwo.com/visitor-behavior-analysis/dist/codechecker/cc.min.js?r=
Source: tippy[1].js.2.dr	String found in binary or memory: https://atomiks.github.io/tippyjs/getting-started/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://carnation-cardioid-znps.squarespace.com/
Source: gtm[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: schedule[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/built/csp/schedule.all.js?v=c1a593
Source: schedule[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/built/csp/schedule.css?v=c1a593
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/css/marketingsquarespace.min.css?v=c1a593
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/font/Clarkson-Light.woff2
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/font/Clarkson-Medium.woff2
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/brand/logo-og.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-mini-9.7.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-10.5.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-11.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-12.9.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-6s-7-8-plus.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-6s-7-8.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-x-xs.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-xr.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-xs-max.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-gavins-goodies.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-llama-ste.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-schooner-coaching.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-under-pressure.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-whiskey-business.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/ask
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/ask.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/down.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/left.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-ga.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-paypal.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-square.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-stripe.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-zapier.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/right.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-collect
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-collect.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-control
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-control.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-organize
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-organize.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/support
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/support.jpg
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/js/swipe.js
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/js/tippy.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn.amplitude.com/libs/amplitude-7.1.0-min.gz.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://clover-trombone-al4y.squarespace.com/home
Source: notice[2].js.2.dr	String found in binary or memory: https://consent.trustarc.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: https://consent.trustarc.com/get?name=icon_cross_large.svg
Source: notice[1].js.2.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/e.gif?a=37352&s=j.php&e=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/e.gif?s=mode_det&e=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/j.php?mode=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/v.gif?cd=
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://developers.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://fife-hawk-s476.squarespace.com/
Source: schedule[1].css.2.dr, schedule[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Source
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j.woff)
Source: schedule[1].css.2.dr	String found in binary or memory: https://gist.github.com/71302de5c334d16fa768
Source: schedule[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/en-us/articles/219149797-Live-Training-Webinars
Source: login[1].js.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/en-us/requests/new
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/requests/new
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://pelican-orb-pnxf.squarespace.com/
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/efreechurchdose1covid20210310#selectedTimes29ml5484939e
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/schedule.php?owner=21613168&calendarID=4953566Root
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=s
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&re
Source: ~DF1208AB93F940F0FF.TMP.1.dr, {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes29ml5484939e2lnhrbbsir3&retu
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://ph-northwestmi.as.me/favicon.icoj
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://plus.google.com/
Source: tippy[1].js.2.dr	String found in binary or memory: https://popper.js.org
Source: gtm[1].js.2.dr	String found in binary or memory: https://s.pinimg.com/ct/core.js
Source: {747EC0F4-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr, ~DF904815EF7ED92817.TMP.1.dr	String found in binary or memory: https://secure.acuityscheduling.com/login.php
Source: ~DF1208AB93F940F0FF.TMP.1.dr, schedule[1].htm.2.dr	String found in binary or memory: https://secure.acuityscheduling.com/preferences.php?action=myaccount&from=free-embed-popup
Source: gtm[1].js.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://sponge-dachshund-jd56.squarespace.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: https://trustarc.mgr.consensu.org/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://twitter.com/Acuity
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acl
Source: schedule[1].htm.2.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=schedul
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling3&ret
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=schedulingHAcui
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.acuityscheduling.com/favicon.icoj
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: schedule[1].htm.2.dr	String found in binary or memory: https://www.google.com/support/adsense/bin/answer.py?answer=12654
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.instagram.com/acuityscheduling/
Source: get[1].2.dr	String found in binary or memory: https://www.optimo.ch/information-eula
Source: get[1].2.dr	String found in binary or memory: https://www.optimo.ch/information-eulaClarkson
Source: get[1].2.dr, get[1]0.2.dr	String found in binary or memory: https://www.optimo.chhttps://www.optimo.ch/information-eula
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/?source=acuityfooter
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/?utm_source=acuityscheduling.com&utm_medium=referral&utm_campaign=homepa
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/privacy
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/terms-of-service

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49747 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@3/65@9/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFF5C0B19FBFB1A0C0.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5408 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5408 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: agree

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.96.102.137	dev.visualwebsiteoptimizer.com	United States	15169	GOOGLEUS	false
52.89.211.128	secure.acuityscheduling.com	United States	16509	AMAZON-02US	false
54.184.84.60	api.amplitude.com	United States	16509	AMAZON-02US	false
13.224.89.109	cdn.amplitude.com	United States	16509	AMAZON-02US	false
13.224.94.16	consent.trustarc.com	United States	16509	AMAZON-02US	false
35.160.170.4	ph-northwestmi.as.me	United States	16509	AMAZON-02US	false

Contacted Domains

Name	IP	Active
secure.acuityscheduling.com	52.89.211.128	true
api.amplitude.com	54.184.84.60	true
dev.visualwebsiteoptimizer.com	34.96.102.137	true
cdn.amplitude.com	13.224.89.109	true
ph-northwestmi.as.me	35.160.170.4	true
www.acuityscheduling.com	35.160.170.4	true
consent.trustarc.com	13.224.94.16	true
cdn-marketing.acuityscheduling.com	unknown	unknown
favicon.ico	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	false	high
https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling	false	high
https://ph-northwestmi.as.me/efreechurchdose1covid20210310	false	high
https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	false	high
https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	false	high

Phishing:

HTML body contains low number of good links

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Number of links: 0
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: Number of links: 1
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Number of links: 0
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: Number of links: 1

Suspicious form URL found

Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Form action: client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: Form action: client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="author".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="author".. found

Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&returnUrl=%2Fschedule.php%3Fowner%3D21613168%26calendarID%3D4953566	HTTP Parser: No <meta name="copyright".. found
Source: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49747 version: TLS 1.2

Source: TV4F7E56.htm.2.dr	String found in binary or memory: <li><a href="https://www.facebook.com/acuityscheduling/" alt="Scheduling on Facebook">Facebook</a></li> equals www.facebook.com (Facebook)
Source: gtm[1].js.2.dr	String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq\|\|(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq\|\|(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1210643745657267\");fbq(\"init\",\"1407587539516826\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=1210643745657267\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n\n", equals www.facebook.com (Facebook)
Source: gtm[1].js.2.dr	String found in binary or memory: function Zo(a,b){}function $o(a,b,c){};var ap=!!n.MutationObserver,bp=void 0,cp=function(a){if(!bp){var b=function(){var c=K.body;if(c)if(ap)(new MutationObserver(function(){for(var e=0;e<bp.length;e++)M(bp[e])})).observe(c,{childList:!0,subtree:!0});else{var d=!1;ag(c,"DOMNodeInserted",function(){d\|\|(d=!0,M(function(){d=!1;for(var e=0;e<bp.length;e++)M(bp[e])}))})}};bp=[];K.body?b():M(b)}bp.push(a)};var ep=["www.youtube.com","www.youtube-nocookie.com"],fp,gp=!1,hp=0; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: ph-northwestmi.as.me

Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=squarespace2
Source: notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/bannermsg?
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: schedule[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: schedule[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: schedule[1].css.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: schedule[1].css.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=71302de5c334d16fa768)
Source: tippy[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: TV4F7E56.htm.2.dr	String found in binary or memory: http://status.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://AcuityScheduling.com
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/blog
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://acuityscheduling.com/language-select.php
Source: login[1].htm.2.dr	String found in binary or memory: https://acuityscheduling.com/login.php
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: notice[1].js.2.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: schedule[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168
Source: schedule[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168&calendarID=4953566
Source: efreechurchdose1covid20210310[1].htm.2.dr	String found in binary or memory: https://app.acuityscheduling.com/schedule.php?owner=21613168&q=efreechurchdose1covid20210310&calenda
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://app.vwo.com/visitor-behavior-analysis/dist/codechecker/cc.min.js?r=
Source: tippy[1].js.2.dr	String found in binary or memory: https://atomiks.github.io/tippyjs/getting-started/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://carnation-cardioid-znps.squarespace.com/
Source: gtm[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: schedule[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/built/csp/schedule.all.js?v=c1a593
Source: schedule[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/built/csp/schedule.css?v=c1a593
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/css/marketingsquarespace.min.css?v=c1a593
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/font/Clarkson-Light.woff2
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/font/Clarkson-Medium.woff2
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/brand/logo-og.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-mini-9.7.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-10.5.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-11.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-ipad-pro-12.9.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-6s-7-8-plus.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-6s-7-8.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-x-xs.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-xr.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/launch-iphone-xs-max.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-gavins-goodies.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-llama-ste.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-schooner-coaching.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-under-pressure.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/site-whiskey-business.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/ask
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/ask.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/down.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/left.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-ga.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-paypal.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-square.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-stripe.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/logo-zapier.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/right.svg
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-collect
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-collect.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-control
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-control.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-organize
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/screen-organize.png
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/support
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/img/marketing/squarespace/v3/support.jpg
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/js/swipe.js
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://cdn-marketing.acuityscheduling.com/js/tippy.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://cdn.amplitude.com/libs/amplitude-7.1.0-min.gz.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://clover-trombone-al4y.squarespace.com/home
Source: notice[2].js.2.dr	String found in binary or memory: https://consent.trustarc.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: https://consent.trustarc.com/get?name=icon_cross_large.svg
Source: notice[1].js.2.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/e.gif?a=37352&s=j.php&e=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/e.gif?s=mode_det&e=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/j.php?mode=
Source: j[1].js0.2.dr, j[1].js.2.dr	String found in binary or memory: https://dev.visualwebsiteoptimizer.com/v.gif?cd=
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://developers.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://fife-hawk-s476.squarespace.com/
Source: schedule[1].css.2.dr, schedule[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Source
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j.woff)
Source: schedule[1].css.2.dr	String found in binary or memory: https://gist.github.com/71302de5c334d16fa768
Source: schedule[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/en-us/articles/219149797-Live-Training-Webinars
Source: login[1].js.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/en-us/requests/new
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://help.acuityscheduling.com/hc/requests/new
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://pelican-orb-pnxf.squarespace.com/
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/efreechurchdose1covid20210310#selectedTimes29ml5484939e
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northw.as.me/schedule.php?owner=21613168&calendarID=4953566Root
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=s
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/client-login.php?owner=21613168&PHPSESSID=isj29ml5484939e2lnhrbbsir3&re
Source: ~DF1208AB93F940F0FF.TMP.1.dr, {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310#selectedTimes29ml5484939e2lnhrbbsir3&retu
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/efreechurchdose1covid20210310Root
Source: imagestore.dat.2.dr	String found in binary or memory: https://ph-northwestmi.as.me/favicon.icoj
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://ph-northwestmi.as.me/schedule.php?owner=21613168&calendarID=4953566
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://plus.google.com/
Source: tippy[1].js.2.dr	String found in binary or memory: https://popper.js.org
Source: gtm[1].js.2.dr	String found in binary or memory: https://s.pinimg.com/ct/core.js
Source: {747EC0F4-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://secure.acuityscheduling.com/
Source: TV4F7E56.htm.2.dr, login[1].htm.2.dr, ~DF904815EF7ED92817.TMP.1.dr	String found in binary or memory: https://secure.acuityscheduling.com/login.php
Source: ~DF1208AB93F940F0FF.TMP.1.dr, schedule[1].htm.2.dr	String found in binary or memory: https://secure.acuityscheduling.com/preferences.php?action=myaccount&from=free-embed-popup
Source: gtm[1].js.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://sponge-dachshund-jd56.squarespace.com/
Source: notice[1].js.2.dr, notice[2].js.2.dr	String found in binary or memory: https://trustarc.mgr.consensu.org/
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://twitter.com/Acuity
Source: {747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acl
Source: schedule[1].htm.2.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=schedul
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=scheduling3&ret
Source: ~DF1208AB93F940F0FF.TMP.1.dr	String found in binary or memory: https://www.acuityscheduling.com/?utm_campaign=acuity&utm_medium=referral&utm_source=schedulingHAcui
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.acuityscheduling.com/favicon.icoj
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: schedule[1].htm.2.dr	String found in binary or memory: https://www.google.com/support/adsense/bin/answer.py?answer=12654
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.instagram.com/acuityscheduling/
Source: get[1].2.dr	String found in binary or memory: https://www.optimo.ch/information-eula
Source: get[1].2.dr	String found in binary or memory: https://www.optimo.ch/information-eulaClarkson
Source: get[1].2.dr, get[1]0.2.dr	String found in binary or memory: https://www.optimo.chhttps://www.optimo.ch/information-eula
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/?source=acuityfooter
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/?utm_source=acuityscheduling.com&utm_medium=referral&utm_campaign=homepa
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/privacy
Source: TV4F7E56.htm.2.dr	String found in binary or memory: https://www.squarespace.com/terms-of-service

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.94.16:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.102.137:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.89.109:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.184.84.60:443 -> 192.168.2.3:49747 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@3/65@9/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFF5C0B19FBFB1A0C0.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5408 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5408 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: agree

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

ID:	368837
Product:	CloudBasic
Start time:	17:34:22
Start date:	15.03.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\HL5RDMJ5\secure.acuityscheduling[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\UD03UG22\ph-northwestmi.as[1].xml	ASCII text, with no line terminators	535F52270FFA7711FB3C84AB9EBCFA31	9B02744C6443D8749EFBB0F99DA6528DF581366C	1E13383BCA33D0AC81831E8C871DA22E46DC7E0FAD6EB83419C1A30D6EE7BD86
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\XKZEGMZ4\www.acuityscheduling[1].xml	ASCII text, with very long lines, with no line terminators	24D30E4728FD121EBD8A65D2DB05C15C	1B23488F0B72CB01C841C3F140B58BB991D78AEC	D6156A33B255F6640FFBC6C18F5BB103211B272EEA3299BCC435836A7A14A304
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{747EC0F1-85EF-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	7EAD4C0E3720839CB543D8C87FD10711	66B69F61384484C974C164340FBCB3FF58CDD48D	ADB33C89C5061B7ACDCC3C3939CFFA270F71953FBCB4116BC9F4FCA9E208F1AB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{747EC0F3-85EF-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	A9CBBED1140185B5180A08C6E2FEC86C	45B69F92CFFE70919B75854303D35AE136E46E21	7EC5A7B92AF0468B5228F6493A0EC98A170B236675ECFD4FDF813EBD607CCDF7
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{747EC0F4-85EF-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	74F958E85AA9F538B95644752F0B0F7E	B6EE9F271DF8902E1CDD5D15E281074A3A285E87	E3FE1EB11C0EFA4B1E6D7F57A0891A27E0286FD7BFAF1A5B8BABE05F6A73ACE8
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87DDBBBB-85EF-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	E0ACBFAE2BE97B39D14E7979CA1DA72E	800FF9B39389BCBE6279362B99B63C3C10E52EBA	CA0BF5188BD3E5D93B6C53C5F78163F731A386C8B2E828CBF644D5BFA38AD1F2
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	57C237DF1F93B8169F9918A10579196E	14D99D0527C37099A1038E7719EC860BC8FFCDF8	2E8F039DF7C432A04543A20C914D8B489E48AB77A87F8AF53D8FC14935C84914
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css	ASCII text	3F9B532C4E0BB98A6B270F466E3BB339	53ABE84BE49F53DEC5D83F52E384A410634E8A22	D9C0984700CF3587571B497508E67E09D8B4F43917463EC7414D447B8ABD29BC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1].svg	SVG Scalable Vector Graphics image	C652A5EF0AD8746D4DFD7A4E04EE9CB5	2B81B37367F2DBCD249DC7B0C1BE64091CE2396F	DD1E180F1B9B88FCA4185DC8B10CE692ADAFF37E9744CE09661AAAC785FBBF55
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	9E692FE534DA39B5C8F14625EB830C64	98CFEE2A58D900D55519E731D87AD678B5BE04FC	6F18DCF9C7761928B5A69D498370F1C566EEF18BCAC4BFF21D7336AC63618D17
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\j[1].js	ASCII text, with very long lines, with no line terminators	EB7302B99A8604E265A8F76AF27934E6	92D25D6C4E47C0E465D0D95EDF93AFD37B7EB068	382A81D8D588D6DC4C0A4DFE8B575B61DAA2395C3428DDD766D53997418E60A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\notice[1].js	HTML document, ASCII text, with very long lines	C2CCE6DF0689A43C28AE12A053677CBC	AA32B9431DA83FAE5F0AE7CA1CB2D04E2FBA436F	C29EB102A3BB555F982C31448D88CE74F58BC987E879A06328D15206D6FCEE24
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\right[1].svg	SVG Scalable Vector Graphics image	61761C08EF4C600B96F5F99D3BE63476	175EA4D34267AB2AF35AD07AB72B13EDF2A8423B	3ACD6635066A6BDC6088EA0251B78E76A4D76AD40D18C8F6BE6DF38FF4075D82
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site-gavins-goodies[1].svg	SVG Scalable Vector Graphics image	967DE272FF3C383B76956BD95A71731C	72F9AE25750C90D59646C47CC701BE57B0ADC1F7	1738513C6194F541278AB00F38AB102CF7858EAD8A61EBBC1CDAEE5ED2C439A2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site-llama-ste[1].svg	SVG Scalable Vector Graphics image	C84F264FF4C59F5EF51A79214ECAC5E0	1A847691E2142BB2C9CAAC9C00CD29FFF3114AC5	8D4C6970718173FF794872D46DFE00836D05F46BAF05F24518BA8E04DB3BDD9B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site-whiskey-business[1].svg	SVG Scalable Vector Graphics image	A2C6897AEAFF14C0A3472E426BE26AEE	3F077CA69B9CF24896B68857E5D94B00BD21FA1B	907745ED0C8F63B057D22233E40DF394FA09FC67E542B414050EDE2836EEF01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\v1[1].js	ASCII text, with very long lines	18B3B01DE8F5C3837A24BA2F60983237	2DC18EDAB744CB2095CA4067E84CCD68BAE5D7DA	C24D4269E2737F585E331C7D7F111AA2E5945BCF4A0600DDBC9B52F20375B60E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fontawesome-webfont[1].eot	Embedded OpenType (EOT), FontAwesome family	F7C2B4B747B1A225EB8DEE034134A1B0	3E63FC9B3DE4580F1F3BEC0631436F755B80F167	CBB644D0EE730EA57DD5FBAE35EF5BA4A41D57A254A6B1215DE5C9FF8A321C2D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gtm[1].js	ASCII text, with very long lines	5E83CFF4FA4D8BD57E25BCB2C9B965AA	5C01221514AE7A739486A6AB22BF167A3397B009	5594F494AD8B37E8323A37FBFC4E84FC4B2F482451B79FD56D355ECAFCB9DE75
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\j[1].js	ASCII text, with very long lines, with no line terminators	880648A4CE74C0E2E6AB959E2988EDB9	2478D7AA783A6560B4AF08EDD960A1B079CB696E	A8C743F1D11B38C0C307D275257BDF4C08275DEE3214540153B16FA60224E458
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\left[1].svg	SVG Scalable Vector Graphics image	B2FB2DC4CA6A3F46D4A2F14DAE2F05A7	AF9F2F76D11D859AC5256B89E1049C2F368F176F	78E4DB1A311F6435762EDDC8A3B5A31D8B362995CC794385B5243A555CED0E9F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].htm	HTML document, UTF-8 Unicode text, with very long lines	5C2CCC4F4A163DC3F5F6E09D1D60F02A	B6AA1FC06DC03AEB1C4445B2E7922414747B4EE3	87D2587AC75E9DB18E7652E162901686A025F502E2EEF3025E95785E4919F612
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].js	HTML document, ASCII text	A7A2CD799B837E2A6B4566B4D3271EEB	5C48CA0F2C1B5ED670B81D431400FF12ABA75B1F	9BB24DADD62FC5B3A76C7160A8ADA363AF44545CBA1DA2CA03637C7E87E02D52
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-square[1].svg	SVG Scalable Vector Graphics image	179C1C854F83E042B47110E667FF3530	254F74B9101C2C8AAF33E6E95EEABED8C52CABC0	AECE993E18F1BB13FB8509DF3CB2DD082EB97BEFF201EBFD71C27817F6891AAC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-zapier[1].svg	SVG Scalable Vector Graphics image	0273D2CBB113C47E2EE75BFB52DE3678	1402893A87EC3583C2FC368FC1A49A59D90005BE	3E7821078D82CE435B640CBF4D6848486BECDE92AB1A6F21CBDE3ADEC59A8AF6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo_inverse[1].svg	SVG Scalable Vector Graphics image	8EF5F99EFA844294DF0A843751BE93BB	75378B5AE9FB1E2F869ECDE512966867E20B4C1C	06A32F58B9A529E08BFCE28EC42D92E1BB59CFFA6AE8F870D38270D656A56FA8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\notice[1].js	ASCII text, with very long lines	BD2BAEA3F8E97A63FC9D0D7EB325FA2F	E51C62E2303B99ACDB2A2060A721692169C5ACE3	8CF55C8FF49C1F8CC211CDE39E94ACFF3BDED38B8699D9987041558AEB461065
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\notice[2].js	ASCII text, with very long lines	1FC97801D1B704C16923C252A3E8298A	6A7043DA52B136F09C3D6DE3615A1EA6FE3E6CD0	FCEF61410B3F39D0A648D42CA2187DF372B519208B0B7225EEFFD9B04672BA8C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\schedule[1].css	ASCII text, with very long lines	6369014A6126DAA5CC57F4BDC095C9E3	368B464A9693A27093861C9CBE7EAD9CB664DBF2	9C76B3DB094FCFABBFD83AC495B6AD96B862222BB5E6DA0CE3B375601C3A79A1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\screen-collect[1].png	PNG image data, 452 x 310, 8-bit colormap, non-interlaced	915B0D966FEB045DFED4E8ACAFE1A5BA	F351F01DC034FD89BC208AD95AF7C1E8EC8813A3	F94953ACF2BCD109074F5436E5F2FA2CF30703674565E90460D4524040DA9C57
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\screen-organize[1].png	PNG image data, 426 x 310, 8-bit colormap, non-interlaced	BAD5DA5083E2BD5C4B476B313D847E91	BCE32BD2B757CE89D1BD08D6EB8CBA13C18048A2	51F1F00335EB255DF5412A10329A4BF7F351DB111C7416E57A34026909323172
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j[1].woff	Web Open Font Format, TrueType, length 20180, version 1.1	5CC3AAE674EA3B199313B3B83BD795BC	993DB0EC4347B0CC53128CFDCBB767606D8A3576	38399EFE707A8FFC12359A0086E7340315B42194A10FD2E1D1288BE12DA9E39C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Clarkson-Light[1].woff	Web Open Font Format, TrueType, length 55115, version 1.1	2AD9857AD748BE35101DEBAB00E5A092	B85D0B9E83CA83327D545938345ED0A5CB9CE449	1A97919730ABCC084F8B59C1F3C9F99E22118BC1D85FECC5A67D9F9890F4EE39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Clarkson-Medium[1].woff	Web Open Font Format, TrueType, length 56416, version 1.1	4F60EDF2654A7B4F8F5B383E1B2E6D63	DA17D8E0246A3A9C72861B6696CE28983BAB8E21	B1EE6A1C6DADE765F8005823CAA0A961F22F0876C298DF168A49C6E05F11C049
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\TV4F7E56.htm	HTML document, UTF-8 Unicode text, with very long lines	B34C43F12AB62EB45DF01B1D4E898F5A	9B3606A6E4739CA66F9EAC8A8D96082FF0FEACE3	5380BBBAAEE98F340568B913BC1058399890086248F1936A7AEBF6F7FD1C4668
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\client-login[1].htm	HTML document, ASCII text, with very long lines	4491B89D8941EDCFC4E2589D9D5DE311	1A9B3EBACB9FE980E90BEA8059CD6ACAAB2B3DDB	B109F557EE1439FDEE043DB13BC3CEB6DB085AD55CF97C0F8276F5AD7F9BB156
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\efreechurchdose1covid20210310[1].htm	HTML document, ASCII text, with very long lines	588ACDAD0F456D7322C12365DB5F0305	D60F5B7AF64314D541BFCFD64694FE9AA63AA962	28E159C59B25797A3EAADE51A21453F078E9BBBF179DC7BBB39DCC7FAD450B39
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	9E692FE534DA39B5C8F14625EB830C64	98CFEE2A58D900D55519E731D87AD678B5BE04FC	6F18DCF9C7761928B5A69D498370F1C566EEF18BCAC4BFF21D7336AC63618D17
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\get[1]	Clarkson T	B15318518B0FC02E41E21D7BB2F21C45	72C3E0D5542824492787FE70B69E8948CAB9C5FA	5BDAB82724BD5453B2B828AEE84C064839468E7B7D50417BB406946FE1BD01E1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-ga[1].svg	SVG Scalable Vector Graphics image	57EB73BEC651BD0D72A974BCED5726E6	790E9C858C4EABE99D3C5D6E94BFD7DF651288D7	C4F73421F96F871CD958FE9935B032407AC0E08816936CE388ED2D8330A39F36
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-paypal[1].svg	SVG Scalable Vector Graphics image	D11A46BAF4FCB71B85E3C8C916B142B3	DC5E1AC0E437CDA5F497DABE78B5F866B55216D7	3AE3EEB30CD6B730BA42528CC9761C1A2064C04576A2A47703FFEEF528428F0D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo-stripe[1].svg	SVG Scalable Vector Graphics image	5D5311835AD431BEA17AC2BF394C2DA1	F6D561B7BC3FB03D97D628988B644082DD63F6D9	FA70690521BEA1925D90962AA6B9CF29347FCD355012336663C945FE4CBEE073
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\marketingsquarespace.min[1].css	ASCII text, with very long lines, with no line terminators	B1A2D403C6920B07BC6EBE008A0FF33B	F94DA16A85F58925B72E86B44B6EEE2E8A50D0C1	B53E92927A137BF24B4DC9C9404EA925F3754C5C940055DB67C58C0508FE30BA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\schedule[1].htm	HTML document, ASCII text, with very long lines	90D4B55E9BF53A30757EEA343B3E796B	E97B86530F2301E626C3C8DACF72E89C177065F4	D58082F9020B3BBCE529F5AF3AE5EA05032E1D1877BF4D00FCD6890045279114
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\swipe[1].js	ASCII text, with very long lines, with no line terminators	C7AAFC5AF66A76EC62F531CEEBBAAC89	1717311661A7AA5774BF5EE910007AF0838CF256	AB359967B981ADFFB7453EF1BE751A52DE78A1BDA87EC22E6019F13090F5DCD2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\tippy[1].js	ASCII text, with very long lines	88D62DCC2558466476BE7AB9797D4704	38691B4F8C2D276CB18B4A236F6D6850B66143AF	90767F34110F4676BBFB317C848696678ABF4D8F4BFF4E2DA81BD1E3E6BC8EE8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amplitude-7.1.0-min.gz[1].js	ASCII text, with very long lines	16CCFCE335CFD5A79A18193A77B65526	2FFF64B480ED24CD411E398DA1DC45A891847ACF	A9A2E998EE0FD7C858904E6A1ECE449C07DEA8477A51AA735B7EF1187742A102
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ask[1].png	PNG image data, 660 x 642, 8-bit colormap, non-interlaced	C55A0C260863911C82B5A76A2CFF1931	972B4C000AC226AAD05C9C754DE8BCBCF2E92D03	ADAAC99936EB9C888CB9CC6C2912252449C031D9B13F0D0BB2C9904FABD1CBC6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\efreechurchdose1covid20210310[1].htm	HTML document, ASCII text, with very long lines	80C42C9AEF76C51640C811B78FE7828A	ACD448E7D0C60871EF964A67116679A65C3039BC	FD6EF2E69DDC09F7E18FFAE65B7F915323A3960AD1EB4E8CE73B8EAD5C416665
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\get[1]	Embedded OpenType (EOT), Tfayzxghsxhzrjigoixtfuefbuz family	294B786746B106445C16576BA95C410A	6B1C37F5554B37213F69F29B6751BC7D5883D5AE	78325406E3168024D7AAA64DDFF5222841CBD90A06565AA7913E4AE94D7A7437
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo-01[1].svg	SVG Scalable Vector Graphics image	DDBE8FF2E4785DF11FC236166A07DB2D	D2E50FFED9681423C332E06D98D3C78F92212789	8ADFB8B060235F81967E73BBFEC4E257BA0AB13E488A4C9AE5210792500A077B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo[1].svg	SVG Scalable Vector Graphics image	8DCC6EE640B3A0873DB2CD12D24CE64C	137024194B22DE90F0DB33F9AE69D3D259BC10A4	9F7EC21D7D5169533FBB0F74EA6F332AC0E8633E90B5C45AF54C8A45C5E52A70
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo[2].svg	SVG Scalable Vector Graphics image	8DCC6EE640B3A0873DB2CD12D24CE64C	137024194B22DE90F0DB33F9AE69D3D259BC10A4	9F7EC21D7D5169533FBB0F74EA6F332AC0E8633E90B5C45AF54C8A45C5E52A70
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\massage-large[1].jpg	[TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1439x719, frames 3	F357FF65FBCCB7757C40B16BF30C536C	5D3A1CD539BCFBEC6FBF9936C9202A7985C126CF	7878A59C60ECB2D4360A02E7462213B7FF62FE9AC4C8DA69F5F295E4492EC7A4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\schedule.all[1].js	UTF-8 Unicode text, with very long lines	AC5FC9A9B624EB8EFA652E36D0BFD596	226835BBD3F806F9F469903D480B2C8869F28F55	6CE97B84ED65FD34D919F50E0259BDD310992DF32577C8C665179D04F2FD6D7B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\screen-control[1].png	PNG image data, 428 x 310, 8-bit/color RGBA, non-interlaced	FABD57502002C19C8CE6BD1ED188B71A	DDFDEF47684ECE34966DAD5B958833ECB5CD3573	51EA5B1C3B9F5BCDB8C8BD31146F983A3A7E2FB276668DD7ECC8179E928C8D92
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\site-schooner-coaching[1].svg	SVG Scalable Vector Graphics image	1804EDAA825DFC5A13A7C4943C8521F9	FB6E2D049D06B58F08C99A49E2079CFA6D34FF55	C6C27EF02E80F44FA280699E3A178FDFC17738BFEDAF669EBB49570BB9593035
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\site-under-pressure[1].svg	SVG Scalable Vector Graphics image	EAAF1195AA71A574FEA61EDE7128CC69	D24B8E6DADBF42EC410FCBC2FC1112513DF6442A	D8F317161A53DA0E71D6D028471D5759617274FCCF8B8CCF7F18220D14928064
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\support[1].jpg	[TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], progressive, precision 8, 583x695, frames 3	2BC931CE12885842F2CB215A16CF1C12	BFF81BDD37BA0FCEB28180BAB860B8FFDD64A15B	6FFA4B5B9CEC59633E64B6F4057729E5CED6B9CC57C9C6B8BC5DF255FB8B5CA2
C:\Users\user\AppData\Local\Temp\~DF1208AB93F940F0FF.TMP	data	44FB647990AAB31C924C35A2CA6F65C8	8B4263E0060794B7DB8A6E670142038F5640DF3F	47E3733BA699C35579D217FE2F4AE570B9395B150C4EB00133783B1F4AE8CF9B
C:\Users\user\AppData\Local\Temp\~DF26AA1685C1C23235.TMP	data	B1624E2E2EFB55CDCA505400071D8A88	A79FBD6FB13ECE44B85BBF42C256DF8F5E924238	75C86824B3B6B699EC5EF82FED781CC04BA5C23A40E8B97E5B076750C290C603
C:\Users\user\AppData\Local\Temp\~DF904815EF7ED92817.TMP	data	FEBE5281508DD01B6DDB016E9CBD9B67	7BFC7CC6A1D70F54FF43E1F0A71F255343B1FF87	A7E11C968DAC16828A55827A269D76BB32D1DF10E5856798A2A6D6A95682A09A
C:\Users\user\AppData\Local\Temp\~DFF5C0B19FBFB1A0C0.TMP	data	E8D353F9D84843EAF7581CE6D43C7238	2B1C2AFFAF93231A8AFE0A3960D287EDC6690D1C	565DC22396BA0DD618367F851FD621AAEC1C0D317D00295F39F41E869DF81CF9

Analysis Report https://ph-northwestmi.as.me/efreechurchdose1covid20210310

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs